
Running Windows viruses with Wine (NewsForge)

Matt Moen has some fun playing with Windows viruses on Linux under Wine. "Out of the five Windows viruses I ran under Wine, not a single one was able to send email and propagate itself. When I went out of my way to be part of the Windows community by doing my part to propagate Windows viruses (lots of Windows users seem to think this is important, seeing as how they run random executables and use Microsoft Outlook and Internet Explorer) I discovered that it couldn't easily be done with GNU/Linux tools." Thanks to Tres Melton.

Let's not get too smug ...

Posted Jan 27, 2005 18:47 UTC (Thu) by JoeBuck (subscriber, #2330)

It seems that the failures here are not because of any security measures in Wine, but rather the fact that Wine, as its name suggests, is still a rather limited Windows emulator, with many missing and broken features. Should Wine improve further, at some point an "easy to use" distribution will decide that when the user clicks on a file that happens to be a Windows executable, Wine will be invoked to run it, and if that executable decides to mail a copy of itself to every address on that user's machine, it will do just that.

Let's not get too smug ...

Posted Jan 27, 2005 19:54 UTC (Thu) by ccchips (subscriber, #3222)

Which distribution? You mean, like the one that encourages people to run as Root?

I figure most distributions with Wine would let mail go through, but I would hope they wouldn't let the virus delete everything in the /usr/bin directory...

Let's not get too smug ...

Posted Jan 27, 2005 19:56 UTC (Thu) by ccchips (subscriber, #3222)

'Course, lots o' distributions let everyone have read/write access to the "C" drive, where Windows lives, but who cares????

Let's not get too smug ...

Posted Jan 28, 2005 9:32 UTC (Fri) by job (subscriber, #670)

That was true five or ten years ago. Now, it may be even worse to allow an untrusted application access to sending mail than to let it remove /usr/bin. I think Linux has to adjust to the new rules of today and change its security policies.

Let's not get too smug ...

Posted Jan 28, 2005 17:53 UTC (Fri) by proski (subscriber, #104)

Exactly. A forged e-mail can ruin someone's life, while the contents of /usr/bin is freely available and can be restored. A virus could even use gpg to sign the e-mail for you if you have no passphrase.

Wine is not an emulator

Posted Jan 27, 2005 21:14 UTC (Thu) by fache (guest, #23795)

"Wine is an Open Source implementation of the Windows API on top of X and Unix."

Just to clarify matters.

That means that a program running under Wine is not confined into a sort of virtual machine: it _is_ running in your Linux system. Potentially, it could delete all your files. Ok, in reality, it is stuck inside whatever directory you specified as windows drives, but isn't it common to give / as one of the drives for ease of use?

But of course, it will only delete _your_ files, and you don't care 'cause you have a backup... haven't you?
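The drive-mapping point in the comment above, as an added example that is not code from this thread or from the Wine project: a POSIX shell check that lists where each drive letter in a Wine prefix resolves and flags any letter that reaches host paths outside the prefix (the root directory and the home directory in particular). It assumes the prefix layout in which drive letters are symlinks under $WINEPREFIX/dosdevices (for example "c:" -> ../drive_c and the default "z:" -> /); the prefix it builds for the demo is constructed sample input, not a real Wine install.

```shell
#!/bin/sh
# Added example; not code from the LWN thread or from the Wine project.
# Assumption: the Wine prefix layout in which each DOS drive letter is a
# symlink under $WINEPREFIX/dosdevices (e.g. "c:" -> ../drive_c and the
# default "z:" -> /). A Windows program run under Wine can reach any host
# path that some drive letter resolves to, so the check below flags
# letters that resolve outside the prefix, and in particular to / or $HOME.
# Target paths are assumed to contain no whitespace.

# Classify one resolved target: "prefix" (inside the Wine prefix, expected),
# "WHOLE-FS" (the root directory), "HOME" (the user's home directory) or
# "outside" (any other host path).
classify_target() {
    prefix="$1"; target="$2"
    case "$target" in
        "$prefix"|"$prefix"/*) echo prefix ;;
        /)                     echo WHOLE-FS ;;
        "$HOME")               echo HOME ;;
        *)                     echo outside ;;
    esac
}

# Print "letter target class" for every drive letter in a prefix.
wine_drive_report() {
    prefix=$(readlink -f "$1")
    for link in "$prefix"/dosdevices/[a-z]:; do
        [ -L "$link" ] || continue                  # no drive letters: nothing to do
        target=$(readlink -f "$link") || continue   # dangling link: skip it
        printf '%s %s %s\n' "$(basename "$link")" "$target" \
            "$(classify_target "$prefix" "$target")"
    done
}

# Print only the drive letters that expose host paths outside the prefix.
wine_risky_drives() {
    wine_drive_report "$1" | awk '$3 != "prefix" { print $1 }'
}

# Build a constructed prefix (sample input, not a real Wine install) that
# mirrors Wine's defaults: c: inside the prefix and z: mapped to /.
make_demo_prefix() {
    p="$1"
    mkdir -p "$p/drive_c" "$p/dosdevices"
    ln -s ../drive_c "$p/dosdevices/c:"
    ln -s / "$p/dosdevices/z:"
}

demo=$(mktemp -d)
make_demo_prefix "$demo/.wine"
wine_drive_report "$demo/.wine"
echo "risky drive letters: $(wine_risky_drives "$demo/.wine" | tr '\n' ' ')"
rm -rf "$demo"
```

Run it against a real prefix with `wine_drive_report ~/.wine`; a "z:" line classified WHOLE-FS is exactly the "/ as a drive" situation the comment describes, and removing or re-pointing that symlink is the fix. The check only covers what Wine exposes through drive letters; it says nothing about what the program can do through the host's own network stack, which is the mail-sending concern raised elsewhere in the thread.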

OK, let's get smug then

Posted Jan 28, 2005 0:36 UTC (Fri) by leonbrooks (guest, #1494)

WINE explicitly refuses to run stuff if the parent EXE is MS-Outlook. I'd call that a serious security feature. What are the ~200k Win32 viruses going to use for a carrier now?

Let's not get too smug ...

Posted Jan 28, 2005 5:34 UTC (Fri) by tzafrir (subscriber, #11501)

Sending a mail to other users is something that should be as easy as possible. IMHO any proper system should have a functioning /usr/sbin/sendmail executable for that.

However...

A. You should never trust executables from an untrusted source. A mail message is such an untrusted source unless you have a very good reason to trust it.

All Linux mailers I know pass here. Except kmail has basically the same handling (user-interface-wise) for attached images and attached executables. With the right trick it may be exploitable.

B. You shouldn't go about in your system executing everything. At least not when you just want to view it. I think that recent user-friendly file-managers fail at this point.

C. You should not do unnecessary things as root. This will not prevent a piece of malicious code from mailing itself to the world, but will gravely limit its damage and its ability to hide itself.

Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds